tomcat-users mailing list archives

From removeps-gro...@yahoo.com
Subject Re: How can the login page see parameters in the original request?
Date Fri, 02 Jan 2009 03:39:52 GMT
Most thorough, thanks!


--- On Thu, 1/1/09, Konstantin Kolinko <knst.kolinko@gmail.com> wrote:

> From: Konstantin Kolinko <knst.kolinko@gmail.com>
> Subject: Re: How can the login page see parameters in the original request?
> To: "Tomcat Users List" <users@tomcat.apache.org>
> Date: Thursday, January 1, 2009, 3:53 PM
> 2009/1/1  <removeps-groups@yahoo.com>:
> > Do you mean set session attributes?  How do you do that from the client side?
> >
> >
> 
> a) You can set them in another page (an unprotected one) that is accessed before, or that redirects to this one.
> 
> b) You can pass your secrets as a cookie, or as a request header. Cookies can be created on the client side.
> 
> c) You can use RemoteAddrValve and block those clients that should not know about your service.
> 
> d) You can throw away all the security constraints from web.xml and use alternative approaches, e.g. those that implement a Filter, e.g. securityfilter ([1]), that is often mentioned on this list and should be easy to adopt, or some others
> 
> [1] http://securityfilter.sourceforge.net/
> 
> Best regards,
> Konstantin Kolinko
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
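
Option (a) from the quoted reply, sketched as an added example that is not part of the original thread: an unprotected servlet copies an allowlist of request parameters into the session and then redirects to the protected resource, so the container's form-login page, which is served in the same session, can read them. The class name, URL paths, parameter names and the `prelogin.` attribute prefix are assumptions.

```java
// Added example, not code from the thread. Assumed names: PreLoginServlet,
// the /entry mapping, /protected/home, and the "prelogin." attribute prefix.
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Map this to an unprotected URL (assumed: /entry), outside every security-constraint. */
public class PreLoginServlet extends HttpServlet {
    // Only these parameter names are copied; everything else is dropped.
    private static final Set<String> ALLOWED =
            new HashSet<String>(Arrays.asList("lang", "campaign"));
    private static final int MAX_LEN = 64;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        HttpSession session = req.getSession(true);
        for (String name : ALLOWED) {
            String value = req.getParameter(name);
            // Client-controlled input: bound the length and restrict the
            // character set before storing it, because the login page renders it.
            if (value != null && value.length() <= MAX_LEN
                    && value.matches("[A-Za-z0-9_-]+")) {
                session.setAttribute("prelogin." + name, value);
            }
        }
        // Fixed, server-chosen target: never redirect to a URL taken from the request.
        resp.sendRedirect(resp.encodeRedirectURL(
                req.getContextPath() + "/protected/home"));
    }
}
```

The login JSP can then read the value with an escaping tag such as `<c:out value="${sessionScope['prelogin.lang']}"/>`, so nothing the client supplied is written into the page unescaped.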
